Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
29/12/2024, 05:21
General
-
Target
e87a0300d81270d2fe65f3faaef9443e8257c4b18e0d0b1d6ac0f9496e6882f8.exe
-
Size
455KB
-
MD5
34cd3f77d92dda1c642a21151857c357
-
SHA1
848342015cf24385967a98b54292ca7720a0ce00
-
SHA256
e87a0300d81270d2fe65f3faaef9443e8257c4b18e0d0b1d6ac0f9496e6882f8
-
SHA512
a6952c9569e4103d2888baa8cd4bf2562e662df47ed7d38584fbdc453d033e55f7b14e466625a0fd59295ce4e22518230ae8a58c66d9e4ac67a20ce0562e785d
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeTx:q7Tc2NYHUrAwfMp3CDV
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 46 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e87a0300d81270d2fe65f3faaef9443e8257c4b18e0d0b1d6ac0f9496e6882f8.exe"C:\Users\Admin\AppData\Local\Temp\e87a0300d81270d2fe65f3faaef9443e8257c4b18e0d0b1d6ac0f9496e6882f8.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\6422408.exec:\6422408.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnnt.exec:\hbbnnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\046800.exec:\046800.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g2068.exec:\g2068.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbhh.exec:\bnbbhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6466824.exec:\6466824.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhnbh.exec:\hhhnbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbh.exec:\nhhhbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvj.exec:\pjpvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxflrx.exec:\9lxflrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbnt.exec:\bttbnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26468.exec:\26468.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8266264.exec:\8266264.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjj.exec:\pjdjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btntbh.exec:\btntbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnnbt.exec:\tbnnbt.exe17⤵
- Executes dropped EXE
-
\??\c:\hbhnnn.exec:\hbhnnn.exe18⤵
- Executes dropped EXE
-
\??\c:\7dvjp.exec:\7dvjp.exe19⤵
- Executes dropped EXE
-
\??\c:\hhhnhb.exec:\hhhnhb.exe20⤵
- Executes dropped EXE
-
\??\c:\vjdjp.exec:\vjdjp.exe21⤵
- Executes dropped EXE
-
\??\c:\5htbbt.exec:\5htbbt.exe22⤵
- Executes dropped EXE
-
\??\c:\btnhnh.exec:\btnhnh.exe23⤵
- Executes dropped EXE
-
\??\c:\660622.exec:\660622.exe24⤵
- Executes dropped EXE
-
\??\c:\o682226.exec:\o682226.exe25⤵
- Executes dropped EXE
-
\??\c:\20224.exec:\20224.exe26⤵
- Executes dropped EXE
-
\??\c:\868226.exec:\868226.exe27⤵
- Executes dropped EXE
-
\??\c:\xrlrfrr.exec:\xrlrfrr.exe28⤵
- Executes dropped EXE
-
\??\c:\bhbttt.exec:\bhbttt.exe29⤵
- Executes dropped EXE
-
\??\c:\202848.exec:\202848.exe30⤵
- Executes dropped EXE
-
\??\c:\4288822.exec:\4288822.exe31⤵
- Executes dropped EXE
-
\??\c:\nhbnhh.exec:\nhbnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\nbnthh.exec:\nbnthh.exe33⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe34⤵
- Executes dropped EXE
-
\??\c:\djjjp.exec:\djjjp.exe35⤵
- Executes dropped EXE
-
\??\c:\6084002.exec:\6084002.exe36⤵
- Executes dropped EXE
-
\??\c:\042244.exec:\042244.exe37⤵
- Executes dropped EXE
-
\??\c:\xrffrrx.exec:\xrffrrx.exe38⤵
- Executes dropped EXE
-
\??\c:\o466224.exec:\o466224.exe39⤵
- Executes dropped EXE
-
\??\c:\3ntnhb.exec:\3ntnhb.exe40⤵
- Executes dropped EXE
-
\??\c:\o684000.exec:\o684000.exe41⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe42⤵
- Executes dropped EXE
-
\??\c:\q60622.exec:\q60622.exe43⤵
- Executes dropped EXE
-
\??\c:\9jpjj.exec:\9jpjj.exe44⤵
- Executes dropped EXE
-
\??\c:\1hhtht.exec:\1hhtht.exe45⤵
- Executes dropped EXE
-
\??\c:\1lrxxxr.exec:\1lrxxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe47⤵
- Executes dropped EXE
-
\??\c:\2684000.exec:\2684000.exe48⤵
- Executes dropped EXE
-
\??\c:\rlrxffx.exec:\rlrxffx.exe49⤵
- Executes dropped EXE
-
\??\c:\0200600.exec:\0200600.exe50⤵
- Executes dropped EXE
-
\??\c:\o800600.exec:\o800600.exe51⤵
- Executes dropped EXE
-
\??\c:\2024040.exec:\2024040.exe52⤵
- Executes dropped EXE
-
\??\c:\08620.exec:\08620.exe53⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe54⤵
- Executes dropped EXE
-
\??\c:\646064.exec:\646064.exe55⤵
- Executes dropped EXE
-
\??\c:\08062.exec:\08062.exe56⤵
- Executes dropped EXE
-
\??\c:\lflfxxx.exec:\lflfxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\rflxrlr.exec:\rflxrlr.exe58⤵
- Executes dropped EXE
-
\??\c:\4204620.exec:\4204620.exe59⤵
- Executes dropped EXE
-
\??\c:\xrllrxx.exec:\xrllrxx.exe60⤵
- Executes dropped EXE
-
\??\c:\vdvdp.exec:\vdvdp.exe61⤵
- Executes dropped EXE
-
\??\c:\ffrrxxr.exec:\ffrrxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\9jddj.exec:\9jddj.exe63⤵
- Executes dropped EXE
-
\??\c:\86842.exec:\86842.exe64⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe65⤵
- Executes dropped EXE
-
\??\c:\86666.exec:\86666.exe66⤵
-
\??\c:\lfrrxxx.exec:\lfrrxxx.exe67⤵
-
\??\c:\hbtnbh.exec:\hbtnbh.exe68⤵
-
\??\c:\hthhtt.exec:\hthhtt.exe69⤵
-
\??\c:\bhtbbb.exec:\bhtbbb.exe70⤵
-
\??\c:\vjppp.exec:\vjppp.exe71⤵
-
\??\c:\4244644.exec:\4244644.exe72⤵
-
\??\c:\lxxxlrf.exec:\lxxxlrf.exe73⤵
-
\??\c:\4860262.exec:\4860262.exe74⤵
-
\??\c:\fxlllll.exec:\fxlllll.exe75⤵
-
\??\c:\48684.exec:\48684.exe76⤵
-
\??\c:\66002.exec:\66002.exe77⤵
-
\??\c:\7hnnbh.exec:\7hnnbh.exe78⤵
-
\??\c:\btbnnb.exec:\btbnnb.exe79⤵
-
\??\c:\42440.exec:\42440.exe80⤵
-
\??\c:\860000.exec:\860000.exe81⤵
-
\??\c:\s0226.exec:\s0226.exe82⤵
-
\??\c:\u266880.exec:\u266880.exe83⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tnthbt.exec:\tnthbt.exe84⤵
-
\??\c:\w04428.exec:\w04428.exe85⤵
-
\??\c:\0466606.exec:\0466606.exe86⤵
-
\??\c:\8866262.exec:\8866262.exe87⤵
-
\??\c:\fxxxfll.exec:\fxxxfll.exe88⤵
-
\??\c:\c644040.exec:\c644040.exe89⤵
-
\??\c:\80000.exec:\80000.exe90⤵
-
\??\c:\600626.exec:\600626.exe91⤵
-
\??\c:\g6840.exec:\g6840.exe92⤵
-
\??\c:\42402.exec:\42402.exe93⤵
-
\??\c:\hhttnt.exec:\hhttnt.exe94⤵
-
\??\c:\3jppp.exec:\3jppp.exe95⤵
-
\??\c:\g6440.exec:\g6440.exe96⤵
-
\??\c:\82062.exec:\82062.exe97⤵
-
\??\c:\u228468.exec:\u228468.exe98⤵
-
\??\c:\7jppv.exec:\7jppv.exe99⤵
-
\??\c:\4206288.exec:\4206288.exe100⤵
- System Location Discovery: System Language Discovery
-
\??\c:\82406.exec:\82406.exe101⤵
-
\??\c:\642844.exec:\642844.exe102⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9lffllf.exec:\9lffllf.exe103⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe104⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe105⤵
-
\??\c:\xlflllr.exec:\xlflllr.exe106⤵
-
\??\c:\42888.exec:\42888.exe107⤵
-
\??\c:\3jdjp.exec:\3jdjp.exe108⤵
-
\??\c:\86888.exec:\86888.exe109⤵
-
\??\c:\022660.exec:\022660.exe110⤵
-
\??\c:\206626.exec:\206626.exe111⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe112⤵
-
\??\c:\k26288.exec:\k26288.exe113⤵
-
\??\c:\4204000.exec:\4204000.exe114⤵
-
\??\c:\llxfrrx.exec:\llxfrrx.exe115⤵
-
\??\c:\fxlrrxl.exec:\fxlrrxl.exe116⤵
-
\??\c:\ffrrrrr.exec:\ffrrrrr.exe117⤵
-
\??\c:\e02620.exec:\e02620.exe118⤵
-
\??\c:\2006266.exec:\2006266.exe119⤵
-
\??\c:\m6840.exec:\m6840.exe120⤵
-
\??\c:\nbhtnh.exec:\nbhtnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-